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(54) Integrated circuit device with function usage control 



(57) An integrated circuit device (chip) 10 has lock 
circuitry (11) that controls operational enablement of a 
functional block (12) of the chip. To unlock the lock cir- 
cuitry, a "chip-key" must be supplied to the chip over a 
secure communications link, the chip-key being com- 
municated in encrypted form and then decrypted in a 
secure communication block 20 of the chip. To prevent 
internal examination of the chip revealing the chip key, 
the latter is not stored as such in the chip. Instead, only 
a signature of the chip-key is stored, the latter being 
formed from the chip-key by subjecting the latter to a 
one-way function. The chip-key input to the lock circuitry 



(1 1) is subjected to the same one-way function in block 
(26) before being compared with the stored chip-key in 
comparator (27); if a match is found, a gating circuit (18) 
is enabled to pass a necessary signal (such as a clock 
signal) to the functional block (12). By way of example, 
the secure communication block (20) may implement 
the Diffie-Hellman Key Exchange algorithm whilst the 
one-way function block (26) may implement a one-way 
hash function such as effected by the Secure Hash 
Algorithm. 



27 



CLK 



WRITE f~ 28 | „ 

CONTROL 



25' 



30 



' REG. 



COMR 



GATING 
CIRCUfT 



27 



19 



2 <r 



20 



ONE-WAY HASH FUNCTION 
^tV1 



SECURE COMMUNICATIONS 



21 — | r~22 



LOCK CTRY 



11 



17 V*Mi 



urv-ft- 



FUNCTIONAL 
BLOCK 



FIG. 1 



1 



EP0743 602 A1 



2 



Description 

Field of the Invention 

The present invention relates to integrated circuit s 
devices with function usage control. 

Background of the Invention 

In the field of computer security, two strands can be 10 
distinguished, namely data access control and function 
usage control. These strands overlap and intertwine 
with each other - thus, data access control frequently 
relies on restricting usage of accessing equipment 
(function usage control) whilst function usage control is is 
often critically based on the secure storage of pass- 
words (data access control). 

With regard to data access control, this may take 
the form of providing a generally secure environment in 
which the data to be secured is kept and thai controlling 20 
use of data accessing equipment. However, in many 
cases it is not possible to guarentee the security of the 
environment and in such cases the data to be secured 
must either be held in a tamper-proof package or stored 
in encrypted form. The latter approach may not always 25 
be possible (a master encryption key must be stored in 
clear) and therefore much effort has been put into the 
design of tamper-proof packages which, for example, 
destroy internally-stored critical data if any attempt is 
made to open the package. Although tamper-proof 30 
packages are usually designed to hold at least small cir- 
cuit boards, tamper-proof features have also been pro- 
vided for some "smart card" chips. 

Turning now to function usage control with which 
the present invention is concerned, various techniques 35 
are known for ensuring that only authorised persons 
can gain operational access to items such as computer 
systems and other electronic equipment. For example, 
a computer may offer password protection whereby 
upon power on of the computer or following activation of 40 
password protection (for example, when a user tempo- 
rarily goes away from the computer), a predetermined 
password must be entered before the operational capa- 
balities of the computer are restored. Another well- 
known function usage control technique is the use of 45 
personal identification numbers (PINs) in relation to 
automatic teller machines (ATMs). In both these cases, 
a user has to remember the enabling password (of 
whatever form, including a PIN) with the result that such 
passwords are usually short and not very secure, often so 
being guessable. 

An alternative approach is to use a portable ele- 
ment such as a magnetic-stripe card or a "smart" card 
to store an enabling password, this portable element 
being carried by an authorised user and being used to 55 
enable the equipment concerned. In this case, the pass- 
word may be considerably longer and therefore more 
secure. 



One potential weakness in the foregoing arrange- 
ments is that the equipment subject to usage control 
needs to store a copy of the enabling password for com- 
parison against a user input password (returning us to 
the data access control issue). If the password is stored 
in clear, the password can be discovered if the equip- 
ment can be internally physically accessed by an unau- 
thorised user (here referred to as an "intruder"). One 
way to overcome this weakness is to store only a signa- 
ture of the password of the equipment, the signature 
being of such a form that the password cannot be 
derived from it whilst the equipment can readily form the 
signature from the password when the latter is input by 
a legitimate user. Such an approach uses a function 
such as a one-way hash function to derive the signature 
from the password. 

However, even such sophisticated techniques can 
be rendered worthless if the physical structure of the 
equipment enables an intruder either to capture the 
password at the time of its input by a user (which may 
be possible even if the password is passed to the equip- 
ment in encrypted form), or to circumvent the usage 
control mechanism and directly access the functional 
elements of the equipment. 

To overcome the possibility of an intruder gaining 
internal physical access to an item of equipment, it is 
known to provide physical locks on equipment cases. 
More sophisticated approaches are also known, though 
generally in the context of protecting highly sensitive 
data; thus, it is known to provide tamper-proof enclo- 
sures for encryption/decryption modules storing 
encryption/decryption keys, any attempt to open the 
module resulting in destruction of the keys. Such an 
approach to providing a defense against internal physi- 
cal tampering, whilst effective, is generally very expen- 
sive and is not applied to the protection of functionality 
that is not intimately associated with sensitive data. 

It is an object of the present invention to provide a 
general approach to function usage control which is 
suitable for electronic equipment that may be physically 
accessible to unauthorised users but which does not 
require the use of a special tamper-proof enclosure. 

Summary of the Invention 

In general terms, the present invention envisages 
providing function usage control at the level of the inte- 
grated circuit devices making up an electronic assembly 
whereby the use of the functionality provided by at least 
one of the integrated circuit devices first requires that 
device to be provided with the correct password ("chip 
key") in encrypted form. Such function usage control is 
provided by a lock circuitry cell incorporated into each 
device requiring controlled access to its functionality. 
With such an arrangement, an intruder having internal 
physical access to an item of equipment cannot unlock 
the functionality of a protected device, and cannot 
access that functionality directly since opening up the 
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device concerned would destroy the sought-after func- 
tionality. 

More formally stated, according to the present 
invention there is provided an integrated circuit device 
comprising a functional block for providing the device 5 
with a required functionality, and lock circuitry for inhib- 
iting operation of this functional block until the provision 
to the lock circuitry, from externally of the device, of at 
least one predetermined chip key in encrypted form; the 
lock circuitry comprising: w 

storage means for storing at least one reference 
value, 

secure communication means for receiving an 
input from externally of the device and for sub- is 
jecting that input to a decryption process to pro- 
duce a first intermediate value, the nature of the 
decryption process being such that said first 
intermediate- value corresponds to the clear 
form of a said chip key when said input is that 20 
key in encrypted form, 

means for receiving the first intermediate value - 
and for performing a one-way function on it to 
produce a second intermediate value, 
comparison means for detecting a match 25 
between the second intermediate value and . a 
stored reference value, and for producing an 
enable signal when at least one such match has 
been detected, and 

inhibit means for inhibiting operation of said 30 
functional block until the enable signal is pro- 
duced. 

By way of example, the secure communication 
means may implement the Diffie-Hellman Key 35 
Exchange algorithm with a one-time cryptographic key 
being used for passing said input to the device. The 
one-way function may be a one-way hash function such 
as effected by the Secure Hash Algorithm. 

In the preferred embodiment of the invention, the 40 
inhibit means cuts off a required clock signal to the func- 
tional block thereby rendering the latter internally inop- 
erative rather than merely operationally inaccessible. 

The functional block may provide standard function- 
ality, the device having all the usual access pins (for 45 
example, data, address and control bus lines). The 
functionality to be protected is preferably high value 
functionality such as control functionality for units exter- 
nal to the device or processing functionality for process- 
ing externally supplied data and outputting that data so 
(rather than storing the data). 

In one embodiment of the invention, the storage 
means stores a plurality of reference values in respect 
of the said functional block, the comparison means pro- 
ducing said enable signal only after detecting a match ss 
for each stored reference value. 

In another embodiment, the device is provided both 
with a plurality of functional blocks each having a 
respective reference value stored in the storage means, 



and with a respective inhibit means for each functional 
block; in this case, upon the comparison means detect- 
ing a match between the second intermediate value and 
a stored reference value, it provides the enable signal to 
the inhibit means of the functional block associated with 
the matched reference value. 

With either of the foregoing embodiments, it is also 
possible to arrange for operational enablement of one 
functional block to be conditional upon both the receipt 
of an enable signal by the corresponding inhibit means 
and the prior enablement of another one of the func- 
tional blocks. 

The present invention embraces the concept of 
having a family of integrated circuit devices all including 
a lock circuitry of the above form, the lock circuitry pref- 
erably being available as a standard cell for incorpora- 
tion into new integrated circuit devices as required. 

Thus, according to another aspect of the present 
invention, there is provided a standard cell for incorpo- 
ration into an integrated circuit device to control opera- 
tional enablement of a functional block of the device, the 
standard cell comprising: 

storage means for storing at least one reference 
value, 

secure communication means for receiving an 
input and subjecting it to a decryption process 
to produce a first intermediate value, 
one-way means for receiving the first intermedi- 
ate value and for performing a one-way function 
on it to produce a second intermediate value, 
and 

comparison means for detecting a match 
between the second intermediate value and a 
stored reference value, and for producing an 
enable signal when at least one match has 
been detected. 

The standard cell may further comprise inhibit 
means for cutting off a required signal, such as a clock 
signal, to the functional block until said enable signal is 
produced; alternatively, the inhibit means may be 
designed into the circuitry of the functional block itself. 

The present invention therefore envisages an inte- 
grated circuit manufacturing method including the steps 
of providing a library of fabrication data on a plurality of 
standard cells and selecting and utilising the fabrication 
data on at least one such cell in the manufacture of an 
integrated circuit device, the library including fabrication 
data on a standard cell of the form set out in the preced- 
ing paragraph. 

Brief Description of the Drawings 

An integrated circuit device embodying the inven- 
tion and electronic assemblies incorporating such 
devices in accordance with the invention, will now be 
described, by way of non-limiting example, with refer- 
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ence to the accompanying diagrammatic drawings, in 
which: 

Figure 1 is a block diagram of the integrated cir- 
cuit device showing the lock circuitry for 5 
controlling enablement of a functional 
block of the device; 

Figure 2. is a diagram illustrating various 
arrangements for enabling different 
functional blocks provided in the same 10 
integrated circuit device; 

Figure 3(a) is a diagram of a first arrangement of 
three integrated circuit devices pro- 
vided with lock circuitry; and 

Figure 3(b) is a diagram of a second arrangement is 
of three integrated circuit devices pro- 
vided with lock circuitry. 



Best Mode of Carrying Out the Invention 
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The integrated circuit device 10 (hereinafter "chip") 
shown in diagrammatic form in Figure 1 comprises lock ' 
circuitry 11 controlling operational enablement of a 
functional block 12 (Figure 1 is not intended to accu- 
rately represent the relative chip areas occupied by the 25 
circuitry 1 1 and functional block 12). Functional block 12 . 
may, for example, be a data compression engine for 
compressing / decompressing externally supplied data, 
or part of a disk-drive controller. 

The functional block 12 is connected to external 30 
data, address and control lines 13, 14, 15 through exter- 
nal chip contacts ( not explicitly shown). The block 12 
operates in standard manner with the exception that for 
its operation it needs to be supplied with a signal on line 
16 coining from the lock circuitry 11. In the present 35 
example, the required signal on line 16 is an external 
clock signal delivered over control line 1 7 to a gating cir- 
cuit 18 of the lock circuitry 1 1 . When the gating circuit is 
fed with an enable signal on line 19, the external clock 
signal is passed to the block 1 2 enabling its operation; in 40 
the absence of an enable signal on line 19, the block 1 2 
is internally non-operational. 

To unlock the lock circuitry 1 1 to enable block 12, a 
predetermined password (chip-key) must be supplied to 
the lock circuitry 1 1 from externally of the chip 10. Two 45 
particular measures are taken to ensure the conf identi- 
ality of this chip-key. First, the chip-key is passed to the 
chip 10 in encrypted form, the encrypted chip-key being 
decrypted in the lock circuitry 11 . To this end, the lock 
circuitry comprises a secure communication block 20 so 
that communicates with the outside world over serial 
input and output lines 21 , 22. The block 20 implements, 
for example, the well-known Diffie-Hellman Key 
Exchange algorithm (see, for example, "Network and 
Internetwork Security", p342, William Stallings, Pren- ss 
tice Hall International, 1995); by operating this public 
key algorithm with one-time cryptographic keys, a chip- 
key can be passed to the chip 20 in a confidential man- 
ner that is proof against a replay attack. 



When the secure communications block 20 is fed 
with an encrypted chip-key, it decrypts the chip-key and 
temporarily outputs the chip-key as first intermediate 
value IV1. 

The second measure taken to ensure the confiden- 
tiality of the chip-key, is that a copy of the chip-key is not 
stored as such in chip 10 for comparison against the 
input chip-key Instead, a signature of the correct chip- 
key for the chip concerned is stored in register 25 of the 
lock circuitry, this signature being a value formed by 
subjecting the clear form of the chip-key to a one-way 
function. This one-way function is, for example, a one- 
way hash function such as effected the Secure Hash 
Algorithm SHA (see page 276 of the aforesaid refer- 
ence "Network and Internetwork Security"). Were an 
intruder able gain access to register 25 in a manner per- 
mitting its contents to be read, this would not compro- 
mise the chip-key as it would not be computationally 
feasible to determine the latter from its signature held in 
register 25. 

In order to ascertain whether an input chip-key is 
the correct one to unlock the particular chip 10 con- 
cerned, the lock circuitry further comprises a one-way 
function block 26 that subjects the chip-key output as 
IV1 from block 20 to the one-way function (in this case, 
the SHA) used to form the chip-key signature held in 
register 25. The resultant intermediate value I V2 output 
by block 26 is then compared in comparison block 27 
with the signature stored in register 25; if a match is 
found, the comparison block 27 outputs an enable sig- 
nal on line 19 to cause operational enablement of the 
functional block 12. The comparison block latches the 
enable signal in the sense that once this signal is gener- 
ated, it remains present notwithstanding removal of the 
correct IV2 value, until the chip is de-energised (or 
some other condition is achieved). 

The chip-key signature stored in register 25 may be 
set in permanently at the time of manufacture or, as in 
the present example, written in subsequently (the regis- 
ter in this case being for example, Flash or EEPROM 
memory). To control this latter process, the chip 10 is 
provided with a write control circuit 28 interposed 
between the data lines 14 and the register 25. In order 
to write to the register 25, the required chip-key signa- 
ture value is placed on the data lines 14 and a write- 
enable signal is passed on line 29 to the write control 
circuit 28. Additionally, the write control circuit 28 is 
arranged only to enable writing to the register 25 either 
if its contents are all zeroes (indicating that no chip-key 
signature has yet been written in) or if the lock circuitry 
is currently in its unlocked state (as indicated, for exam- 
ple, by the presence of a signal on line 30 from the com- 
parison block 27). 

Once the required chip-key signature has been 
written to the register 25, further writing to the register 
could be prevented by providing a fusible link in the 
write control circuitry 28, the link being blown upon 
application of an appropriate external signal on line 31. 
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Typically, the chip key in clear form may have a 
length of 1 Kbits. 

Although in Figure 1 the chip 10 is shown with only 
one functional block 12 controlled by the lock circuitry 
1 1 , a number of such blocks may be provided typically 5 
each with different functionality. Such an arrangement is 
shown in Figure 2 for five functional blocks 12A to 12E. 
In this case a respective gating circuit 18 is associated 
with each functional block and the register 25 is 
replaced by a register block 35 storing signatures for a 10 
plurality of different chip-keys associated with particular 
ones of the functional blocks. In Figure 2, these signa- 
tures are designated H(K1) to H(K6), corresponding to 
the hash of chip-keys K1 to K6 respectively. When pre- 
sented with an intermediate value IV2, the comparison 15 
block 27 now searches for a match amongst the signa- 
tures H(K1) to H(K6) stored in register block 35 and 
upon finding a match takes appropriate action in respect 
of the associated functional block. 

In the Figure 2 example, for functional blocks 12A, 20 
12B, 12C a single respective signature H(K1), H(K2), 
H(K3) is stored in register block 35 and upon signal IV2 - 
taking on a corresponding value, the comparison block 
27 outputs an enable signal to the appropriate func- 
tional block. The functionality of the blocks 12A, 12B 25 
and 12C can thus be selectively enabled according to 
the input chip-key and this permits different functionality 
to be made available to different users. 

The enablement of block 12D is more involved than 
for blocks 12A.B.C. In this case, not only must signal IV2 30 
take on the correct value corresponding to the stored 
signature H(K4) for block 12D, but block 12C must also 
have first been enabled. This is achieved by having the 
gating circuit 1 8 associated with the block 1 2D only ena- 
ble the latter upon receipt of enable signals both from 35 
the comparison block 27 and from the block 12C, the 
latter only supplying such a signal when itself enabled. 
This general arrangement permits a hierarchical access 
scheme to be implemented by which each level has a 
corresponding chip-key and users can only enable f unc- 40 
tional blocks up to a level in the hierarchy for which they 
have the correct chip-keys. 

Enablement of functional block 12E requires the 
input of two encrypted chip-keys K5, K6 (possibly in 
direct succession), the register block 35 storing the cor- 45 
responding signatures H(K5), H(K6) of both chip-keys. 
In this case, the comparison block 27 when identifying a 
match for a first one of the chip-keys, must remember 
this fact and await detection of a match for the second 
one of the chip-keys before outputting an enable signal so 
to the gating circuit 18 associated with functional block 
12E. . 

It will be appreciated that the different approaches 
described above for enabling blocks 12A-C, block 12D, 
and block 12E can be used in any desired combination 55 
as required. It will also be appreciated that the chip 10 
can be provided with one or more functional blocks that 
are not controlled by the lock circuitry 1 i, such blocks 
being unconditionally available for use. 



Figure 3 illustrates two arrangements of three chips 
10 in an electronic assembly. For clarity, in Figure 3, 
only the input connection to the lock circuitry 1 1 of each 
chip 10 has been shown, this connection being repre- 
sented by a single line (generally, it will be two lines as 
shown in Figure 1 as two-way communication is 
required for the secure communication process). Again, 
for clarity, each chip is shown as having only one main 
functional block 12 controlled by the lock circuitry 1 1 . 

Figure 3(a) illustrates an arrangement in which all 
three chips 10 are fed with the encrypted chip key for 
unlocking their functionality, each chip storing the same 
chip key signature. This arrangement is suitable where 
the chips each contain critical functionality but an 
authorised user of such functionality needs access to all 
such functionality and there is no practical requirement 
for selective enablement of functionality of the electronic 
assembly. 

Figure 3(b) illustrates an arrangement in which all 
three chips 10 are independently controlled for unlock- 
ing their functionality, each chip storing a different chip 
key signature. Such an arrangement is suitable where 
the functions provided by the chips can be used inde- 
pendently and different users are granted different 
usage permissions. 

It will be appreciated that where different chip keys 
are to be passed to different chips, this can be done 
over the same communication lines since passing a 
chip key to a chip for which it is not intended simply 
means that the chip will not be unlocked. 

Various modifications may be made to the 
described embodiments of the present invention. Fur- 
thermore, as will be apparent from the foregoing, lock 
circuitry 1 1 can be provided in chips having a variety of 
different functions. The lock circuitry can thus be con- 
sidered as a building block useful for designing chips 
with secure functionality. To this end, fabrication data on 
the lock circuitry can be held in a standard cell library 
and then used as required in the design and manufac- 
ture of a family of chips all exhibiting the security fea- 
tures provided by the lock circuitry. 

Claims 

1 . An integrated circuit device comprising a functional 
block for providing the device with a required func- 
tionality, and lock circuitry for inhibiting operation of 
said functional block until the provision to the lock 
circuitry, from externally of the device, of at least 
one predetermined chip key in encrypted form; the 
lock circuitry comprising: 

storage means for storing at least one ref- 
erence value, 

secure communication means for receiving 
an input from externally of the device and 
for subjecting that input to a decryption 
process to produce a first intermediate 
value, the nature of said decryption proc- 
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ess being such that said first intermediate 
value corresponds to the clear form of a 
said chip key when said input is that key in 
encrypted form, 

means for receiving said first intermediate 5 
value and for performing a one-way func- 
tion on it to produce a second intermediate 
value, 

comparison means for detecting a match 
between said second intermediate value 10 
and a said at least one reference value, and 
for producing an enable signal when at 
least one said match has been detected, 
and 

inhibit means for inhibiting operation of said is 
functional block until said enable signal is 
produced. 



2. An integrated circuit device according to claim 1, 
wherein functional block is rendered internally inop- 20 
erative by said inhibit means until said enable signal 

is produced. 

3. An integrated circuit device according to claim 2, 
wherein said inhibit means is operative to cut off a 25 
required clock signal to the functional block until 
said enable signal is produced. 

4. An integrated circuit device according to claim 1 , 
wherein the primary purpose of said functional 30 
block is the control of an external item and/or the 
processing of externally-supplied data. 

5. An electronic assembly, including a plurality of inte- 
grated circuit devices permanently installed therein, 35 
at least one said device being in accordance with 
claim 1 . 

6. A device according to claim 1 or claim 3, wherein 
said storage means stores a plurality of said refer- 40 
ence values in respect of said functional block, said 
comparison means producing said enable signal 
only after detecting a said match for each reference 
value of said plurality of reference values. 

45 

7. A device according to claim 1 or claim 3, wherein 
the device is provided with a plurality of said func- 
tional blocks and said storage means stores a 
respective said reference value in respect of each 
such functional block, the lock circuitry comprising so 
a respective said inhibit means for each functional 
block and the comparison means upon detecting a 
match between said second intermediate value and 

a said reference value, providing said enable signal 
to the inhibit means of the functional block associ- 55 
ated with the matched reference value. 

8. A device according to daim 7, wherein operational 
enablement of one said functional block is condi- 



tional upon both the receipt of an enable signal by 
the corresponding inhibit means and the prior ena- 
blement of another of said functional blocks. 

9. A family of integrated circuit devices according to 
claim 1, wherein the functionality provided by the 
said functional block differs between said devices. 

10. A standard cell for incorporation into an integrated 
circuit device to control operational enablement of a 
functional block of the device, the standard cell 
comprising: 

- storage means for storing at least one refer- 
ence value, 

secure communication means for receiving an 
input and subjecting it to a decryption process 
to produce a first intermediate value, 

- one-way means for receiving said first interme- 
diate value and for performing a one-way func- 
tion on it to produce a second intermediate 
value, and 

- comparison means for detecting a match 
between said second intermediate value and a 
said at least one reference value, and for pro- 
ducing an enable signal when at least one said 
match has been detected. 

11. A standard cell according to claim 10, further com- 
prising inhibit means for cutting off a required clock 
signal to the functional block until said enable signal 
is produced. 

12. An integrated circuit manufacturing method includ- 
ing the steps of providing a library of fabrication 
data on a plurality of standard cells and selecting 
and utilising said fabrication data on at least one 
such cell in the manufacture of an integrated circuit 
device, said library including fabrication data on a 
standard cell according to claim 10 or claim 1 1 . 

Amended Claims 

1 . An integrated circuit device comprising a func- 
tional block for providing the device with a required 
functionality, and lock circuitry for inhibiting opera- 
tion of said functional block until the provision to the 
lock circuitry, from externally of the device, of at 
least one predetermined chip key in encrypted 
form; the lock circuitry comprising: 

- storage means for storing at least one refer- 
ence value, 

-- secure communication means for receiving 
an input from externally of the device and for 
subjecting that input to a decryption process to 
produce a first intermediate value, the nature of 
said decryption process being such that said 
first intermediate value corresponds to the 
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clear form of a said chip key when said input is 
that key in encrypted form, 
- means for receiving said first intermediate 
value and for performing a one-way function on 
it to produce a second intermediate value, s 

comparison means for detecting a match 
between said second intermediate value and a 
said at least one reference value, and for pro- 
ducing an enable signal when at least one said 
match has been detected, and w 
-- inhibit means for inhibiting operation of said 
functional block until said enable signal is pro- 
duced; 

the primary purpose of said functional block is the 15 
control of an external item and/or the processing of 
externally-supplied data. 

2. An integrated circuit device according to claim 1 , 
wherein functional block is rendered internally inop- 20 
erative by said inhibit means until said enable signal 

is produced. 

3. An integrated circuit device according to claim 2, 
wherein said inhibit means is operative to cut off a 25 
required clock signal to the functional block until 
said enable signal is produced. 

4. An electronic assembly, including a plurality of 
integrated circuit devices permanently installed 30 
therein, at least one said device being in accord- 
ance with claim 1 . 

5. A device according to claim 1 , wherein said stor- 
age means stores a plurality of said reference val- 35 
ues in respect of said functional block, said 
comparison means producing said enable signal 
only after detecting a said match for each reference 
value of said plurality of reference values. 

40 

6. A device according to claim 1 , wherein the device 
is provided with a plurality of said functional blocks 
and said storage means stores a respective said 
reference value in respect of each such functional 
block, the lock circuitry comprising a respective 45 
said inhibit means for each functional block and the 
comparison means upon detecting a match 
between said second intermediate value and a said 
reference value, providing said enable signal to the 
inhibit means of the functional block associated so 
with the matched reference value. 

7. A device according to claim 6, wherein opera- 
tional enablement of one said functional block is 
conditional upon both the receipt of an enable sig- ss 
nal by the corresponding inhibit means and the 
prior enablement of another of said functional 
blocks. 



8. A family of integrated circuit devices according to 
claim 1, wherein the functionality provided by the 
said functional block differs between said devices. 

9. A standard cell for incorporation into an inte- 
grated circuit device to control operational enable- 
ment of a functional block of the device, the 
standard cell comprising: 

- storage means for storing at least one refer- 
ence value, 

-- secure communication means for receiving 
an input and subjecting it to a decryption proc- 
ess to produce a first intermediate value, 
-- one-way means for receiving said first inter- 
mediate value and for performing a one-way 
function on it to produce a second intermediate 
value, and 

-- comparison means for detecting a match 
between said second intermediate value and a 
said at least one reference value, and for pro- 
ducing an enable signal when at least one said 
match has been detected. 

10. A standard cell according to claim 9, further 
comprising inhibit means for cutting off a required 
clock signal to the functional block until said enable 
signal is produced. 

11. An integrated circuit manufacturing method 
including the steps of providing a library of fabrica- 
tion data on a plurality of standard cells and select- 
ing and utilising said fabrication data on at least one 
such cell in the manufacture of an integrated circuit 
device, said library including fabrication data on a 
standard cell according to claim 9 or claim 10. 
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